[ISN] Anti-Terror Hackers Claim Arab National Bank Breach

From: InfoSec News (isnat_private)
Date: Fri Oct 12 2001 - 04:47:59 PDT


    http://www.newsbytes.com/news/01/171035.html
    
    By Brian McWilliams, Newsbytes
    RIYADH, SAUDI ARABIA
    11 Oct 2001, 8:51 AM CST
     
    Vigilante hackers apparently penetrated the security of a Saudi bank
    Wednesday, even as the hackers' own Web site was defaced by a
    notorious computer prankster, Fluffi Bunni.
    
    In an effort to locate financial information about terrorists, a
    member of a group called Yihat claims to have breached the defenses of
    an Internet-connected server operated by Arab National Bank.
    
    As proof, the hacker, who uses the nickname "Splices," provided
    Newsbytes with three spreadsheet files allegedly gleaned from the
    server. The files apparently contained records of accounts held by a
    handful of ANB customers. None of the names on the accounts appear on
    the recently released list of 22 terrorists most wanted by the FBI.
    Nor do the customer names appear to match those of top Taliban
    officials.
    
    The compromised system, which was separate from the bank's Web site at
    http://www.anb.com.sa , was running Microsoft's Windows 2000 operating
    system. According to Splices, the server was configured to allow file
    sharing by unauthorized remote users.
    
    A security consultant, who requested that his identity not be
    revealed, confirmed that the ANB server was not protected by a
    firewall and had directories accessible to outside users.
    
    A spokesperson for ANB told Newsbytes the bank had no indication that
    its Web server was penetrated. The official did not provide
    information on the status of the allegedly compromised separate
    system.
    
    According to Splices, who said he is an American citizen, Yihat's
    intent wasn't to harm the bank but to "look for terrorists." The
    hacker said he has turned the information over to Yihat's leader, who
    will forward the data to U.S. law enforcement.
    
    Yihat, which stands for Young Intelligent Hackers Against Terrorism,
    is organized by Kim Schmitz, a controversial German hacker turned
    entrepreneur. Schmitz has offered a $10 million reward for the capture
    of Osama bin Laden.
    
    Schmitz's personal site and that of Yihat were defaced Wednesday night
    apparently by a hacker calling himself Fluffi Bunni. The attacker
    replaced the home page of Yihat's site at Kill.net with one that
    included a photo of Osama bin Laden and a doctored version of Yihat's
    logo that read "Young Idiotic HaXorz and Terrorists."
    
    Fluffi Bunni also replaced the home page of Schmitz's site at
    Kimble.org with a lewd image of a pink toy rabbit and the words "The
    Fluffy Bunny has owned you." (Note that the hacker changes the
    spelling of his name: sometimes it's Fluffi Bunni and sometimes Fluffy
    Bunny.)
    
    Neither site was functioning properly this morning. Schmitz was not
    immediately reachable for comment.
    
    On a hacking message board, one participant wrote of the defacements:
    "Maybe Kimble should use some of that reward money to hire someone who
    can secure his own servers."
    
    Last month, Schmitz claimed that Yihat members were able to penetrate
    AlShamal Islamic Bank in Sudan and collect data on the accounts of Al
    Qaeda terrorists and Osama bin Laden.
    
    Schmitz provided no proof of the incursion, but claimed to have turned
    information over to the FBI. The agency would not confirm or deny
    whether such an exchange had occurred.
    
    In an e-mail to Newsbytes earlier this week, Schmitz said "Face the
    fact, I have a track record and I reached my goals. I have no need to
    lie about the Shamal hack."
    
    A mirror of the Kill.net defacement is here:
    http://defaced.interrorem.com/mirror/2001/10/11/www.kill.net .
    
    The Kimble.org defacement is archived here:
    http://defaced.interrorem.com/mirror/2001/10/11/www.kimble.org .
    
    
    
    -
    ISN is currently hosted by Attrition.org
    